/** 
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
package com.tompai.config.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.stereotype.Service;

import com.tompai.common.model.SysPermission;
import com.tompai.management.user.service.SysPermissionService;
import com.tompai.management.user.web.vo.SysPermissionVo;

/**
 * 权限信息提供
 * 
 * @author liinux@qq.com
 * @date 2019/10/23
 */
@Service
public class FilterISMSourceService implements FilterInvocationSecurityMetadataSource {

	private HashMap<String, Collection<ConfigAttribute>> map = null;

	@Autowired
	private SysPermissionService sysPermissionService;

	/**
	 * 此方法是为了判定用户请求的url 是否在权限表中， 如果在权限表中，则返回给 decide 方法，用来判定用户是否有此权限。 如果不在权限表中则放行。
	 *
	 * @param object
	 * @return
	 * @throws IllegalArgumentException
	 */
	@Override
	public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
		if (map == null) {
			loadResourceDefine();
		}
		// object 中包含用户请求的request 信息
		HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
		AntPathRequestMatcher matcher;
		String resUrl;
		Iterator<String> iter = map.keySet().iterator();
		while (iter.hasNext()) {
			resUrl = iter.next();
			matcher = new AntPathRequestMatcher(resUrl);
			if (matcher.matches(request)) {
				return map.get(resUrl);
			}
		}
		return null;
	}

	/**
	 * 加载权限表所有权限(资源) 按照key为资源url，value为资源id
	 * 
	 * @author liinux@qq.com
	 * @date 2019/4/14 11:31
	 */
	public void loadResourceDefine() {
		map = new HashMap<>(16);
		Collection<ConfigAttribute> array;
		ConfigAttribute cfg;
		List<SysPermissionVo> permissions = sysPermissionService.selectSysPermissionInfo(new SysPermission());
		for (SysPermissionVo permission : permissions) {
			array = new ArrayList<>();
			cfg = new SecurityConfig(permission.getId());
			// 请求方法到ConfigAttribute的集合中去。此处添加的信息将会作为AccessDecisionManager类的decide的第三个参数。
			array.add(cfg);
			// 用权限的getUrl() 作为map的key，用ConfigAttribute的集合作为 value，
			if (StringUtils.isNotBlank(permission.getUrl())) {
				map.put(permission.getUrl(), array);
			}
		}
	}

	@Override
	public Collection<ConfigAttribute> getAllConfigAttributes() {
		return null;
	}

	@Override
	public boolean supports(Class<?> clazz) {
		return true;
	}
}
